The entertainment industry is in the midst of a digital revolution. Music, television, and movies are increasingly becoming digital, offering new advantages to the consumer in quality and flexibility. At the same time, since digital data can be perfectly and quickly copied, the digital revolution also poses a threat. If consumers could freely copy entertainment content and offer that content on the Internet, the market for entertainment content would evaporate.
To solve this problem, several content protection schemes have been devised and are in wide use in the market. For example, DVD video is protected by the Content Scrambling System (CSS), DVD audio is protected by Content Protection for Pre-recorded Media (CPPM), digital video and audio recorders are protected by Content Protection for Recordable Media (CPRM), and digital busses are protected by Digital Transmission Content Protection (DTCP). All these schemes are based on encryption of the content. The device manufacturer is given cryptographic keys to decrypt the content, and in return is obligated by the license to follow a set of rules limiting the physical copies that can be made from a single piece of content.
The cryptographic keys required to encrypt and decrypt the content are distributed from a key generation facility to various entities involved in the content distribution network: content creators, media duplication facilities, devices for playing content, content distribution facilities, etc. Maintaining the secrecy of the cryptographic keys is essential for maintaining the integrity of a secure content protection scheme. The consequences of accidental or malicious disclosure of the long-lived secret keys are grave; loss of these secrets can lead to total breakdown of the copy protection schemes the secrets support, and ultimately, to huge monetary loss for the participants of the copy protection scheme.
One conventional key generation facility secures the long-lived secrets by saving system secrets directly in cryptographic splits of the key (interchangeably referenced herein as key splits or splits) that are distributed to authorized persons (clients or client applications). The most sensitive system secrets reside in a secure cryptographic subsystem during operation, and are not otherwise externalized. The secure cryptographic subsystem comprises a separate computer.
Although this technology has proven to be useful, it would be desirable to present additional improvements. This conventional approach gives the system operator (e.g., Key Generating Facility, KGF) the ability to routinely restore the system from key splits; consequently, a single person can recover the long-lived secrets. The system state is saved unencrypted, part in a database, part in a set of files. The system saves its state after each transaction, and can be restored to any saved state. Backup comprises copying saved state to external media.
This conventional approach relies on the integrity of a single person, the system operator, to maintain the integrity of the secret keys and thus the key generation facility. The system operators by themselves have the ability to restore the secrets not just on that system but anywhere else. Consequently, this conventional approach puts a burden of security and a liability on the operator to maintain integrity of the system.
Another conventional key generation facility saves in a database the encrypted system secrets and an encrypted state of the system after issuing a set of keys. Backup is performed by backing up the database. Rollback can only be performed by restoring the database to a previously saved backup state, and only the most recent state is saved. Enabling rollback to any transaction requires that the entire database be backed up after every transaction. The key used to encrypt the secrets and the state is saved as key splits that are distributed to authorized persons. A secure cryptographic subsystem is used to protect the key during normal operation.
Although this technology has proven to be useful, it would be desirable to present additional improvements.
For additional security, a system is desired that stores each state of the system after a set of keys is issued. For additional flexibility, the system can then be rolled back to any previously saved state. What is therefore needed is a system, a computer program product, and an associated method for protecting data in a security system. The need for such a solution has heretofore remained unsatisfied.